Thanks for the reply.
I installed the rootkit, this was the only thing
that really displayed anything. I'm not sure what
it means? Everything else was nothing, nothing deleted etc.
Checking `chkutmp'... The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! root 2570 tty1 /usr/bin/Xorg :0 -nr -verbose -auth /var/run/gdm/auth-for-gdm-E11BQz/database -nolisten tcp vt1
chkutmp: nothing deleted

Lorenzo

On Fri, 2009-03-20 at 22:02 +0000, Alan Cox wrote:
> On Fri, 20 Mar 2009 14:51:22 -0700
> lorenzo <linux(a)nethere.com> wrote:
> >
> > I'm running the stock firewall on F10 and when I run the sectool
> > the firewall always fails. It says:
> >
> > Error, Firewall, No firewall rules in IPv4 INPUT chain and policy
> > is set to ACCEPT.
> >
> > There is always one active connection, even when I'm not accessing
> > the net, no IM, NO browser, NO twitter etc. What is really strange,
> > when I type anything network history shows an increase in data packets
> > flowing out.
> >
> > My brother is the Linux geek, but he is in Iraq
>
> The first thing you want is a tool called "chkrootkit", which is
> basically a scanner for known trojans and attack tools used against Linux
> boxes.
>
> tcpdump might also give you some idea what is going out and where.
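
The sectool finding quoted in this thread (no rules in the IPv4 INPUT chain, policy ACCEPT) can be checked directly against the output of `iptables -S INPUT`. The script below is an added example, not part of the original messages; the function name, the status labels and the sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the IPv4 INPUT chain from `iptables -S INPUT` text on stdin.
# On a live host (as root): iptables -S INPUT | input_chain_status
input_chain_status() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" {
            rules++
            # A rule with no match options, only a DROP/REJECT target, is a catch-all.
            catchall = ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT"))
        }
        END {
            if (policy == "")            print "unknown"
            else if (policy != "ACCEPT") print "closed-by-policy"
            else if (rules == 0)         print "open"                 # the sectool finding
            else if (catchall)           print "closed-by-final-rule"
            else                         print "accept-with-rules"
        }'
}

# Constructed sample inputs (not captured from the poster's machine).
SAMPLE_OPEN='-P INPUT ACCEPT'
SAMPLE_FILTERED='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

printf 'empty chain:    %s\n' "$(printf '%s\n' "$SAMPLE_OPEN" | input_chain_status)"
printf 'filtered chain: %s\n' "$(printf '%s\n' "$SAMPLE_FILTERED" | input_chain_status)"
```

A result of `open` matches the condition sectool reports; `closed-by-final-rule` is what a ruleset with an ACCEPT policy but a trailing unconditional REJECT looks like, which still filters inbound traffic.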